Feb 022017

— The list of entities reporting that employee W-2 data was acquired by phishing.–

Last year, this site compiled 145 W-2 phishing incidents before I somewhat waved a white flag in terms of trying to keep up, but as I started working on this year’s list, I found even more cases from 2016, bringing the 2016 list to 175 reports.

Let’s see how 2017 goes. Expect reports to come in over the next months (not weeks, but months, and perhaps throughout the year). Here’s the list I’ve got so far for 2017, and it will be updated as I become aware of new incidents.  Steve Ragan of Salted Hash has indicated that he will keep track, too, so do check his space also for additional information. As of March 13, Steve estimates 120,000 affected for the 110 incidents we had as of that date.

Note: DataBreaches.net would like to thank the Identity Theft Resource Center and Doug Levin, who both have also been helping find and track these incidents.

  1. Dracut Schools [662 (FOIA response)]
  2. Tipton County Schools 
  3. Odessa School District [“hundreds of employees”]
  4. Campbell County Health  [1,400]
  5. Marin Software
  6. UGI Utilities [1,900]
  7. Sunrun [a “a substantial portion” of 4,000 employees]
  8. Lexington School District Two (SC)
  9. Mercedes Independent School District (TX) [950]
  10. eHealthInsurance (eHealth, Inc.)
  11. Kuhana Associates
  12. Point Coupee Hospital [200]
  13. Morton School District (IL)
  14. Scotty’s Brewhouse (IN) [4,000]
  15. Mitchell Gold + Bob Williams [1,100]
  16. Persante
  17. TransPerfect 
  18. Davidson County Schools (NC)
  19. Belton Independent School District (TX) [1,700]
  20. Argyle School District (TX)
  21. Renovate America (CA)
  22. Manatee County School District [7,900]
  23. Anchor Packaging
  24. Distribution International
  25. Sky Climber, LLC
  26. College of Southern Idaho [2500]
  27.  West Michigan Whitecaps [230]
  28. Adventist Health Tehachapi Valley [Updated to 253]
  29. Verc Enterprises, Inc.
  30. Monarch Beverage (IN)
  31. Corsicana Independent School District
  32. Alton Steel [300]
  33. Mohave Community College
  34. City of Twinsburg, Ohio [500]
  35. Showpay, LLC
  36. SouthEast Alaska Regional Health Consortium
  37. Land Title Guarantee Company
  38. AmTote Intl [350]
  39. Sweeney Drywall Finishes Corp.
  40. Mercer County Schools (WVa) [1800]
  41. Patrick Industries [4,700]
  42. Bloomington Public Schools (MN) [1800]
  43. NEO Tech
  44. Petro 49 (Phishing or Hack??)
  45. Klondex Gold & Silver Mining
  46. Frosch International Travel
  47. Citizens Memorial Hospital 
  48. Driveline Retail
  49. Northwestern College (IA)
  50. Asbury Communities [3,000]
  51. TrustComm, Inc.
  52. Verato, Inc.
  53. TrueNet Communications [506] 
  54. Pacific Biosciences
  55. Bentley Truck Services
  56. Tate Access Floors [7]
  57. Accolade, Inc.
  58. ABNB Federal Credit Union
  59. MBA Consulting Services
  60. Goode Compliance International (? )
  61. Vecellio Group
  62. Astadia, Inc.
  63. Ashland University
  64. Maxor National Pharmacy Services
  65. Virginian Wesleyan College
  66. Amplify
  67. Black River Falls School District [478]
  68. Trenton R-9 School District [260]
  69. Barron Area School District [431]
  70. American Senior Communities* (IN) [“more than 17,000”]
  71. Crotched Mountain Foundation [~1000]
  72. Mount Healthy City Schools [600]
  73. Meridian Health Services [1200]
  74. Viskase Companies, Inc. [590]
  75. InterMountain Management, LLC
  76. Cayan
  77. LEAF Commercial Capital, Inc.
  78. Gardiner & Appel (Phishing?)
  79. North Carolina Symphony [262]
  80. Ellwood Thompson’s Local Market  [360]
  81. Civitas Media
  82. San Antonio Symphony [250]
  83. Abernathy Independent School District
  84. The Amalgamated Sugar Company, LLC [2,858]
  85. Tab Products Co., LLC
  86. Vintage Realty Company (2015 and 2016)
  87. Redmond School District [~1000]
  88. North Ridgeville Beckett Air [~200]
  89.  Independence School District 
  90. Wisenbaker Building Services
  91. Autoneum North America Inc.  [2,400]
  92. Northeast Ohio Regional Sewer District** [~900]
  93. MetWest Terra Hospitality
  94. Yukon Public Schools
  95. Allied Minds, LLC
  96. Aero Air
  97. Groton Public Schools [1300]
  98. MAM Software [81]
  99. Tyler Independent School District  
  100. Glastonbury Public Schools [1600]
  101. Equian LLC (and subsidiaries, Nurse Audit LLC) 
  102. Weidenhammer [~180]
  103. Alabama State Port Authority [780]
  104. Joseph-Beth
  105. ProScan Imaging, LLC
  106. PCA Skin
  107. Ark City School District – USD 470
  108. Berkley Mid-Atlantic Group
  109. Dawson
  110. BBB Industries, LLC***
  111. Geokinetics
  112. ADF International(sent inquiry as to W-2 phishing)
  113. Dairy Management, Inc (sent inquiry as to W-2 phishing)
  114. QualiChem, Inc [84]
  115. Toscano Clements Taylor [36]
  116. Ben Bolt Independent School District
  117. Arkansas City USD 470 [“dozens,” but not all]
  118. NSC Technologies, LLC
  119. City of San Marcos [803]
  120. Colorado Nonprofit Development Center
  121. Defense Point Security, LLC 
  122. SolutionsIQ, Inc.
  123. Biomedical Systems Corp.
  124. American Tire Distributors
  125. J.N. Phillips Company (and subsidiaries Windshield Centers LLC and Strategic Claim Services, Inc.)
  126. Palm Bay International
  127.  Powhatan County Public Schools [905]
  128. Coupa [“hundreds”]
  129. Walton School District [30]
  130. Schurman Retail Group
  131. Kettle Cuisine [351]
  132. Federal Process Corporation (.docx file)
  133. Temptronic Corp (subsidiary of inTEST)
  134. inMoment, Inc.
  135. AmQuip Crane Rental, LLC
  136. netPolarity, Inc.

* Unnamed payroll processor fell for phish.
** Two employees separately fell for the phish and sent out W-2 data.
*** Note: this is NOT “the Better Business Bureau”

  21 Responses to “Victims of W-2 phishing scams (2017 list) [STICKY]”

  1. I had a call from someone posing to work for Walgreens said that he didnt work in the store was a floater wanted to change my prescription refills from 30 to 90 days got really bad with all the hacking I had that month in November, had to get rid of my email, contacts and grandchildrens pics and facebook. Gave the info to Walgreens as I felt there was a person standing by the register doing something with his “phone” watching everyone as they were in line. When I left the store, reporting the incident that happened on the phone I notified corporate. They never got back to me although I opened a case, called three times. Of course it may be an inside job, I believe it is, have all the info as I document heavily. So sad to see whats happening to my childrens world, I dont have an email any more by choice

  2. I think I have found a few others, as I have been tracking security issues related to K-12 school districts specifically. Running list at: https://www.edtechstrategies.com/blog/irs-phishing/

    • Thanks, Doug. I checked your list.
      There are three that you list that I didn’t have on mine. One is from today: Bloomington, which I hadn’t picked up yet – thanks!
      But the other two you list that I don’t have are not from 2017. They were both last year: the Olympia School District one and the Maine school one (Brunswick).

      So my count for k-12 schools is now at 13 for this year so far.

      Please do let me know if you find others that you think I’ve missed. I appreciate all help.

  3. Citizens Memorial Hospital??

    • Yes. I added them earlier today. Did you read the linked article? Why the “??” in your comment?

      • It hadn’t yet been added to the phishing list when I first saw it.

        I’d also like to give a shout out to the Montana AG’s office for their updated listings – great new source for breaches!

        • Ah, now I understand. Yeah, I check Montana’s list every day… and the other state lists that I know about. If you see something in a media report that I might miss, do let me know.

    • Yeah, I had picked that one up, too.

      Was just totalling what we’ve got so far for where we do have numbers (which is less than half of the incidents). Already more than 57,000 affected.

  4. Tab Products Co.

    Please know that I am just trying to lend an ear (eye?) to finding all of these crazy breaches.


  5. Thank you so much for adding links to breaches #51 – #58! I was having difficulty trying to find sources for those…


Sorry, the comment form is closed at this time.